Security system access detection

ABSTRACT

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for access and control of networked devices. In one aspect, a method includes receiving a request for access to a security system device; determining whether the device is set to a first mode or a second mode; and in response to determining that the device is in the second mode, generating one or more notifications to authorized users identifying the access to the security device.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims priority to U.S. patentapplication Ser. No. 14/228,849, filed on Mar. 28, 2014, the entirecontents of which are hereby incorporated by reference.

BACKGROUND

This specification relates to access and control of networked devices.

Conventional security systems can include one or more security camerasand/or one or more sensors positioned at different points of a securitysystem location, e.g., a home or office. Some conventional home securitysystems use a public switched telephone network (PSTN) to transmitalerts to an authorized call service provider using dual-tone multifrequency (DTMF) signaling. A live operator at the call service providerservices incoming alarms, e.g., by calling the police. Additionally, insome security systems, the cameras, sensors, or other devicescommunicate with an access point using wireless signals.

SUMMARY

This specification describes technologies relating to access and controlof networked devices.

In general, one innovative aspect of the subject matter described inthis specification can be embodied in methods that include the actionsof receiving a request for access to a security system device;determining whether the device is set to a first mode or a second mode;and in response to determining that the device is in the second mode,generating one or more notifications to authorized users identifying theaccess to the security device. Other aspects include apparatuses,systems, and computer storage media encoding a computer program thatincludes instructions that can be executed by one or more computersperforms operations described in the specification.

The foregoing and other embodiments can each optionally include one ormore of the following features, alone or in combination. The second modeindicates one or more authorized users are present within a regioncovered by the security system. The first mode indicates that authorizedusers are not present within a region covered by the security system.Determining whether the device is set to a first mode or a second modeand generating one or more notifications is performed by firmware of thesecurity system device. Determining whether the device is set to a firstmode or a second mode and generating one or more notifications isperformed by a hardware circuit of the security system device. Thesecurity system device is an internet protocol (IP) device. The IPdevice is an IP camera. The one or more notifications include one ormore of an audible alarm or a flashing light emitted from the accessedsecurity device. The one or more notifications include a text or pushnotification to a user device of one or more authorized users. Thenotification includes an identity of the user gaining access to thesecurity device.

In general, one innovative aspect of the subject matter described inthis specification can be embodied in methods that include the actionsof receiving at a security system, one or more types of data associatedwith users of the security system; using the received data to determinea particular mode to set one or more security devices of the securitysystem; setting the mode of one or more security devices based on thedetermination; receiving a request to access a first security device ofthe security system; and determining whether to provide a notificationbased on the mode set for the first security device. Other aspectsinclude apparatuses, systems, and computer storage media encoding acomputer program that includes instructions that can be executed by oneor more computers performs operations described in the specification.

The foregoing and other embodiments can each optionally include one ormore of the following features, alone or in combination. One of the oneor more types of data is location data for one or more authorized users.The determining the particular mode includes determining the location ofeach authorized user and wherein a first mode is set when users arelocated within a region covered by the security system and a second modeis set when users are not located within the region covered by thesecurity system. One of the one or more types of data is sensor data forone or more sensors of the security system. The determining theparticular mode includes determining whether sensor data indicates thatusers are located within a region covered by the security system andwherein a wherein a first mode is set when users are located within aregion covered by the security system and a second mode is set whenusers are not located within the region covered by the security system.One of the one or more types of data is user profile data. Thedetermining the particular mode includes analyzing the user profiles andsetting the mode based on the analysis. The analysis includes analyzinguser schedules. The analysis includes analyzing user specified rules. Afirst rule specifies a particular security device as always being set tothe first mode. Setting the mode of one or more devices includes settingthe mode of all devices in the security system. Setting the mode of oneor more devices includes setting the mode of a particular subset ofdevices of the security system.

Particular embodiments of the subject matter described in thisspecification can be implemented so as to realize one or more of thefollowing advantages. Notification techniques that indicate access tosecurity system devices such as cameras are provided to improve userprivacy. Using firmware or hardware circuits in security devices totrigger notifications based on device mode reduces the likelihood thatthe notifications can be bypassed.

The details of one or more embodiments of the subject matter describedin this specification are set forth in the accompanying drawings and thedescription below. Other features, aspects, and advantages of thesubject matter will become apparent from the description, the drawings,and the claims.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of an example system.

FIG. 2 is an example diagram for setting a device mode.

FIG. 3 is a flow diagram of an example notification method according todevice mode.

FIG. 4 is an example device configured to operate in stay and awaymodes.

Like reference numbers and designations in the various drawings indicatelike elements.

DETAILED DESCRIPTION

FIG. 1 is a block diagram of an example system 100. The system 100includes a local security system 102 that is communicatively coupled toa service provider system 114, e.g., through a network (notillustrated).

The local security system 102 includes a security management device 104and wireless enabled devices 106, 108, and 110. In some implementations,the wireless enabled devices 106, 108, and 110 are communicativelycoupled to the security management device 104 through a secure wirelessnetwork.

The wireless enabled devices 106, 108, and 110 can include differentInternet Protocol (IP) devices such as IP cameras as well as wirelesssensors and other devices. For example, in a typical home securitysystem, several strategically positioned cameras and sensors may beincluded. In addition to sensors included for security purposes such asmovement and displacement sensors, for example, detecting the opening ofdoors and windows, other sensors providing other useful information maybe included such as doorbell sensors, smoke detector alarm sensors,temperature sensors, and/or environmental control sensors and/orcontrols. Additionally, the wireless enabled devices can includeactuator devices. The actuator devices can include for example a dooractuator that allows for remote locking and unlocking of an associateddoor, window, or other latched structure.

Video data captured by an IP camera (e.g., video, a video clip, or oneor more still images generated from video), can be wirelesslytransmitted to the security management device 104 for transmission tothe service provider system 114. The security management device 104 canalso include an RF transmitter/receiver configured to receive alerts orother communications from the respective sensors, cameras, and otherdevices. The RF transmitter/receiver can use any suitable RF wirelessprotocol, in particular those used in home security and automationincluding, for example, 433 MHz, 426 MHz, 868 MHz, Zwave, Zigbee, WiFi,etc.

The security management device 104 can be an access point device. Thesecurity management device 104 can be used to manage the wirelessenabled devices 106, 108 and 110, for example, to establish the securewireless network and to communicate with the service provider system114. For example, the security management device 104 can send eventnotifications, e.g., in response to a triggered sensor, to the serviceprovider system 114 which provides the event notifications to one ormore users of the local security system 102, e.g., to user device 118.Similarly, the security management device 104 can receive commands fromthe service provider system 114, e.g., to provide video data to aparticular authorized user of the local security system 102 in responseto a request or to activate a particular device of the local securitysystem 102 such as an actuator device, as will be described in greaterdetail below.

The security management device 104 is communicatively coupled to theservice provider system 114, e.g., using a modem or directly to theInternet through an ISP, through a local router 112. In someimplementations, the local router 112 can be coupled to one or moremodes of communication. For example, a broadband connection mode such ascable or Ethernet, a PSTN telephone connection mode, or a cellularconnection mode. In some alternative implementations, the securitymanagement device 104 includes a router such that the separate localrouter 112 is not included in the local security system 102.

The security management device 104 can also act as a gatekeeper thatprovides a single avenue for communication with the service providersystem 114. In particular, instead of allowing the wireless enableddevices to communicate directly with the service provider system 114,e.g., using a 3G dongle, only local communications within the securitysystem, e.g., to the security management device 104, are permitted. Thisreduces the number of connections between various security systems andthe service provider system 114. The security management device 104 canperiodically communicate with the wireless enabled devices 106, 108, and110, for example, to confirm active status. If there is a problem one ofthe wireless enabled devices, the security management device 104 cannotify the service provider system 114 which may in turn notify one ormore user devices associated with the security system, e.g., user device118.

The service provider system 114 provides management and communicationfunctions for the system 100. In particular, while only one localsecurity system 102 is shown, the service provider system 114 can beused to manage multiple different local security systems associated withcorresponding users. The service provider system 114 can be one or moreservers or a cloud based management system. The service provider system114 can provide authentication and registration functions forestablishing a secure wireless network at the local security system 102as well as for authenticating user control commands and requests.Furthermore the service provider system 114 can manage communicationbetween the security management device 104 and one or more user devices118 associated with the local security system 102.

The user device 118 represents various device types that can be used byone or more users to receive security data, e.g., alerts or videostreams, and provide control instructions for the local security system102. For example, the user devices 118 can be one of various types ofsmartphones that includes a security management application or a webbrowser for accessing a security management website.

When the user device 118 attempts to interact with the service providersystem 114, its authority may be confirmed by the service providersystem 114. For example, the user device 118 can provide informationthat uniquely identifies the requesting device, e.g., an InternetProtocol (IP) address, a product serial number, or a cell phone number.Alternatively, the user may provide a user name and password which arevalidated to determine authority to interact with the service providersystem 114 and to access data associated with the local security system102. To facilitate such authorization procedures, the service providersystem 114 can store, or have ready access to, authorization informationfor each secure wireless network of users who subscribe to the service.The user device 118 can be used to receive information from the localsecurity system 114, e.g., alarm information, as well as used to controlfunctions of the security system, e.g., to request video data from an IPcamera or to activate an actuator device (e.g., a door actuator) of thelocal security system 102 (e.g., as wireless enabled device 106).

FIG. 2 is an example diagram 200 for setting a device mode. A securitysystem can include one or more IP devices, e.g., one or more of the IPdevices 106, 108, and 110 of FIG. 1. In particular, the IP devices willgenerally be referred to in this specification as being cameras,however, the techniques can be applied to other suitable IP devices inthe security system. The cameras, for example, can communicate with asecurity management device though a wireless network of the localsecurity system, e.g., security system 102. The communications to andfrom the cameras can be encrypted and identity verification can berequired for individuals to access camera data.

Conventional IP devices including IP cameras may be vulnerable tounauthorized intrusions allowing device access, e.g., access to cameravideo or images, without permission or unwanted access to authorizedindividuals. To protect against access, the security devices can have aparticular set mode 202, which is determined 204 based on one or morecriteria 206.

In some implementations, each security device has a first mode and asecond, different, mode although other modes are possible. Inparticular, each camera can be set in a stay mode or in an away mode. Inthe stay mode, the security device is configured to alert authorizedusers whenever the security device is being accessed. The securitydevice can be placed in stay mode, for example, when individualsassociated with the security system are present (e.g., at home). In theaway mode, the security device can be accessed without notification oralert in the event of being accessed, e.g., when the individuals are notat home.

In some implementations, the security management device applies the samemode to all devices, e.g., to all cameras, in the security system. Inother implementations, devices can be placed in different modes withinthe same security system. For example, an authorized user can specifyparticular cameras to be in a particular mode even if the one or morecriteria for determining a different mode are satisfied. In anotherexample, an authorized user can designate a particular camera to remainin stay mode in situations where the remaining cameras switch to awaymode, e.g., when the user leaves the house. That way the authorizeduser(s) can remain notified if the stay mode camera is accessed. Thus,the particular mode of each of the security devices can be specificallytailored to event criteria and user preferences.

Returning to the stay mode, the notification or alert triggered byaccess to a security device can take one or more of a variety of forms.For example, the alert can include an audible alarm (e.g., beeping) orone or more light flashes from the accessed security device, an audiblealarm from a separate device of the security system, a notification on asecurity application installed on the mobile device of specifiedauthorized users, a text notification (e.g., short message service(SMS)), a push notification on the application, etc.

Information displayed in a text or application notification can includean identity of a person or persons gaining access to the security deviceor devices. In particular, if the person is an authorized user or otherindividual identified by the service provider system, e.g., an emergencycontact, the person gaining access can be identified. Other informationprovided in the notification can include location data of the personaccessing the device including one or more of physical location, IPlocation, or other known location, as well as the time stamp of eachdevice access, and/or an identification of the particular securitydevice being accessed.

In some implementations, as noted above, the devices can be manuallyplaced in the stay or away mode. However, in some other implementations,the mode can be set 202 based on a determination made automaticallyaccording to analysis of received data 206.

The mode can be determined based at least in part on device locationdata 208. In particular, if a user device of a designated user (e.g.,authorized users, family members) is located within a defined region, adetermination can be made to place the security devices in stay mode.The defined region can be, for example, the user's home, business, orwithin specified monitored zones within the home or business, e.g.,within certain camera coverage. In some implementations, when a userdevice is in communication with a home router by WiFi, the system canuse this location data indicating the user is in the home toautomatically set the security devices to stay mode.

The mode can also be determined based at least in part on sensor data210. Security system sensors such as motion sensors, contact sensors,GPS, or other environmental/tracking sensors can detect individual'spresence in the security system and use that data to determine whichmode to set one or more security system devices, e.g., to set one ormore devices to the stay mode when the data indicates the individual isin a particular region.

The mode can also be determined based at least in part on user profiledata 212. Specifically, authorized users can configure user profilesthat specify criteria for setting the mode for each device. The userprofile can be based on a schedule or particular security system eventsdefined by a set of rules. For example, rules can identify events suchas entering a room covered by a device as a trigger for setting the staymode. Alternatively, another rule can set the stay mode whenever theuser is in the home.

Based on analysis of the received data 206, the mode for one or moredevices is determined and set. For example, security cameras within thesecurity system can be configured to operate in the set stay or awaymode because the user location or profile. The system can periodicallyrecheck the criteria to determine whether the mode set for one or moredevices should be changed. Alternatively, a change defined by newlyreceived data 206 can trigger a new determination of the mode to set forone or more devices. For example, when a user leaves the home, thechange in the device location 208 can trigger the determination tochange the devices to be set in away mode.

FIG. 3 is a flow diagram of an example notification method 300 accordingto device mode. For convenience, the method is described with respect toa device e.g., a camera in a security system, that performs the method.

The device receives a request for data access (302). The data access canbe, for example, access to camera data. The request can be received, forexample, though a wireless network of a security system. Alternatively,the device can be communicatively wired to a security management device.The request can include, for example, a request to provide video feed oran image capture.

In response to the received request, the device determines the devicemode as set to either ‘stay’ or ‘away’ (304). The mode may have beenpreviously set, for example, based on a determination made from receiveddata as descried above with respect to FIG. 2. If the device is set toaway mode, the device provides the requested data without triggering anotification (306). However, if the device is determined to be set tostay mode, the device generates one or more notifications (308).Generating a notification can include device level notifications such asan alarm or light as well as transmitting the notification to thesecurity management device for further processing, such as for sendingtext or push notifications to authorized users. The notifications can begenerated before or concurrently with providing the requested data tothe requestor. In some other implementations, when set to stay mode, aconfirmation is required from the security management device prior toproviding the requested data.

FIG. 4 is an example device 400 configured to operate in either stay oraway modes. In particular, the example device 400 is an IP camera device402. The IP camera device 402 includes a communication module 404, apower module 406, and a camera module 408. The communication module 404provides communication functions for the IP camera within the securitysystem, for example, wired or wireless communication as well asestablishing proper communication and authentication. In someimplementations, the communication module 404 includes a WiFitransmitter/receiver.

The power module 406 provides electrical power for the IP camera device402. In some implementations, the power module 406 includes one or morebatteries for powering the IP camera device 402. In otherimplementations, the power module 406 includes components for managingand transforming input electrical power from a home electrical system.

The camera module 408 includes camera software that manages the camerafunctions of the IP camera device 402 including software and hardwarefor capturing video data and formatting the captured data fortransmission as video or still image data. The camera module 408 canalso include notification hardware or firmware 410 that triggersnotification when access requests under stay mode are detected. Forexample, a particular hardware circuit or firmware code, which isdifficult to compromise from an external source, can be built into thecamera module 408 such that when the video or audio access request orcamera activation occurs, a notification can be provided depending onthe mode set for the IP camera device 402. While providing robustnotification protection, the use of hardware or firmware may not be ableto provide complex logic or dynamic profile management to determinewhether or not notifications should be provided.

Alternatively, or additionally, notification software 410 on the cameramodule 408 can obtain user/device profile information, for example, fromthe security management device or the service provider system. Thesoftware can include a number of determinations that directly establishthe mode for the IP camera device 402 as well as the notificationtrigger. For example, the software can use the profile information andthe request to determine 1) whether certain functions are activated,e.g., video or audio; 2) whether the request was received from anauthorized user; 3) the date/time of the request; 4) the condition ofother sensors in the security system; and 5) the location or status ofthe authorized users of the system. The profile can be dynamicallyupdated by various inputs locally or from the service provider system.

In some implementations access to security devices can be detected by asecurity management device, e.g., the security management device 104described above with respect to FIG. 1. The security management devicecan use both hardware/firmware or application techniques as describedabove with respect to device level access detection. Additionally, thesecurity management device can detect access based on network trafficincluding by port number or network protocol used. In particular, thesecurity management device can manage all requests for access toindividual security devices. Thus a requesting user does not communicatedirectly to the individual security devices. The security managementdevice can set the respective modes for the individual security devicesas well as determine the mode and potential notifications in response toreceiving a request to access a particular device.

In some other implementations, access to security devices can bedetected by a service provider system, e.g., the service provider system114 described above with respect to FIG. 1. The service provider systemcan manage the user profiles described above. In particular, as amanager of user profiles, the service provider system 114 can include adatabase or other storage architecture that stores user/device profiles.Authorized users can change their profile(s) using a web browserinterface or through an application installed on a user computing deviceincluding a mobile device. The user/device profiles can also be updatedin response to a system-wide event, for example, when a major securitybreach has occurred. For example, a vendor that provides various IPdevices, e.g., IP devices 106, 108, or a vendor associated with userdevices such as user device 118 can have a security breach that requiresan update to user/device profiles.

The service provider system 114 can also perform access detection. Inmany cases, the user device 118 will connect to the service providersystem 114 first to perform authentication and authorization before itcan access particular devices e.g., security management device 104 or IPdevices 106, 108, 110. In this case, the service provider system 114 cansend notifications to related users and devices based on the user/deviceprofiles. The service provider system 114 can also have a built-inlearning system. This system can detect regular user behavior, suchas 1) when the user typically accesses security devices; 2) where theuser device 118 is located based on physical location or network type;3) which IP device the user typically accesses; and/or 4) for whatduration of time the user typically accesses devices. If the userbehavior does not satisfy the detected patterns of typical user behaviorthe security provider system 114 can issue a challenge question to userdevice 118 to verify the user authentication. Alternatively, oradditionally, the security provider system 114 can send notificationdirectly to related users and devices.

Embodiments of the subject matter and the operations described in thisspecification can be implemented in digital electronic circuitry, or incomputer software, firmware, or hardware, including the structuresdisclosed in this specification and their structural equivalents, or incombinations of one or more of them. Embodiments of the subject matterdescribed in this specification can be implemented as one or morecomputer programs, i.e., one or more modules of computer programinstructions, encoded on computer storage medium for execution by, or tocontrol the operation of, data processing apparatus. Alternatively or inaddition, the program instructions can be encoded on anartificially-generated propagated signal, e.g., a machine-generatedelectrical, optical, or electromagnetic signal, that is generated toencode information for transmission to suitable receiver apparatus forexecution by a data processing apparatus. A computer storage medium canbe, or be included in, a computer-readable storage device, acomputer-readable storage substrate, a random or serial access memoryarray or device, or a combination of one or more of them. Moreover,while a computer storage medium is not a propagated signal, a computerstorage medium can be a source or destination of computer programinstructions encoded in an artificially-generated propagated signal. Thecomputer storage medium can also be, or be included in, one or moreseparate physical components or media (e.g., multiple CDs, disks, orother storage devices).

The operations described in this specification can be implemented asoperations performed by a data processing apparatus on data stored onone or more computer-readable storage devices or received from othersources.

The term “data processing apparatus” encompasses all kinds of apparatus,devices, and machines for processing data, including by way of example aprogrammable processor, a computer, a system on a chip, or multipleones, or combinations, of the foregoing. The apparatus can includespecial purpose logic circuitry, e.g., an FPGA (field programmable gatearray) or an ASIC (application-specific integrated circuit). Theapparatus can also include, in addition to hardware, code that createsan execution environment for the computer program in question, e.g.,code that constitutes processor firmware, a protocol stack, a databasemanagement system, an operating system, a cross-platform runtimeenvironment, a virtual machine, or a combination of one or more of them.The apparatus and execution environment can realize various differentcomputing model infrastructures, such as web services, distributedcomputing and grid computing infrastructures.

A computer program (also known as a program, software, softwareapplication, script, or code) can be written in any form of programminglanguage, including compiled or interpreted languages, declarative orprocedural languages, and it can be deployed in any form, including as astand-alone program or as a module, component, subroutine, object, orother unit suitable for use in a computing environment. A computerprogram may, but need not, correspond to a file in a file system. Aprogram can be stored in a portion of a file that holds other programsor data (e.g., one or more scripts stored in a markup languagedocument), in a single file dedicated to the program in question, or inmultiple coordinated files (e.g., files that store one or more modules,sub-programs, or portions of code). A computer program can be deployedto be executed on one computer or on multiple computers that are locatedat one site or distributed across multiple sites and interconnected by acommunication network.

The processes and logic flows described in this specification can beperformed by one or more programmable processors executing one or morecomputer programs to perform actions by operating on input data andgenerating output. The processes and logic flows can also be performedby, and apparatus can also be implemented as, special purpose logiccircuitry, e.g., an FPGA (field programmable gate array) or an ASIC(application-specific integrated circuit).

Processors suitable for the execution of a computer program include, byway of example, both general and special purpose microprocessors, andany one or more processors of any kind of digital computer. Generally, aprocessor will receive instructions and data from a read-only memory ora random access memory or both. The essential elements of a computer area processor for performing actions in accordance with instructions andone or more memory devices for storing instructions and data. Generally,a computer will also include, or be operatively coupled to receive datafrom or transfer data to, or both, one or more mass storage devices forstoring data, e.g., magnetic, magneto-optical disks, or optical disks.However, a computer need not have such devices. Moreover, a computer canbe embedded in another device, e.g., a mobile telephone, a personaldigital assistant (PDA), a mobile audio or video player, a game console,a Global Positioning System (GPS) receiver, or a portable storage device(e.g., a universal serial bus (USB) flash drive), to name just a few.Devices suitable for storing computer program instructions and datainclude all forms of non-volatile memory, media and memory devices,including by way of example semiconductor memory devices, e.g., EPROM,EEPROM, and flash memory devices; magnetic disks, e.g., internal harddisks or removable disks; magneto-optical disks; and CD-ROM and DVD-ROMdisks. The processor and the memory can be supplemented by, orincorporated in, special purpose logic circuitry.

To provide for interaction with a user, embodiments of the subjectmatter described in this specification can be implemented on a computerhaving a display device, e.g., a CRT (cathode ray tube) or LCD (liquidcrystal display) monitor, for displaying information to the user and akeyboard and a pointing device, e.g., a mouse or a trackball, by whichthe user can provide input to the computer. Other kinds of devices canbe used to provide for interaction with a user as well; for example,feedback provided to the user can be any form of sensory feedback, e.g.,visual feedback, auditory feedback, or tactile feedback; and input fromthe user can be received in any form, including acoustic, speech, ortactile input. In addition, a computer can interact with a user bysending documents to and receiving documents from a device that is usedby the user; for example, by sending web pages to a web browser on auser's client device in response to requests received from the webbrowser.

Embodiments of the subject matter described in this specification can beimplemented in a computing system that includes a back-end component,e.g., as a data server, or that includes a middleware component, e.g.,an application server, or that includes a front-end component, e.g., aclient computer having a graphical user interface or a Web browserthrough which a user can interact with an implementation of the subjectmatter described in this specification, or any combination of one ormore such back-end, middleware, or front-end components. The componentsof the system can be interconnected by any form or medium of digitaldata communication, e.g., a communication network. Examples ofcommunication networks include a local area network (“LAN”) and a widearea network (“WAN”), an inter-network (e.g., the Internet), andpeer-to-peer networks (e.g., ad hoc peer-to-peer networks).

The computing system can include clients and servers. A client andserver are generally remote from each other and typically interactthrough a communication network. The relationship of client and serverarises by virtue of computer programs running on the respectivecomputers and having a client-server relationship to each other. In someembodiments, a server transmits data (e.g., an HTML page) to a clientdevice (e.g., for purposes of displaying data to and receiving userinput from a user interacting with the client device). Data generated atthe client device (e.g., a result of the user interaction) can bereceived from the client device at the server.

While this specification contains many specific implementation details,these should not be construed as limitations on the scope of anyinventions or of what may be claimed, but rather as descriptions offeatures specific to particular embodiments of particular inventions.Certain features that are described in this specification in the contextof separate embodiments can also be implemented in combination in asingle embodiment. Conversely, various features that are described inthe context of a single embodiment can also be implemented in multipleembodiments separately or in any suitable subcombination. Moreover,although features may be described above as acting in certaincombinations and even initially claimed as such, one or more featuresfrom a claimed combination can in some cases be excised from thecombination, and the claimed combination may be directed to asubcombination or variation of a subcombination.

Similarly, while operations are depicted in the drawings in a particularorder, this should not be understood as requiring that such operationsbe performed in the particular order shown or in sequential order, orthat all illustrated operations be performed, to achieve desirableresults. In certain circumstances, multitasking and parallel processingmay be advantageous. Moreover, the separation of various systemcomponents in the embodiments described above should not be understoodas requiring such separation in all embodiments, and it should beunderstood that the described program components and systems cangenerally be integrated together in a single software product orpackaged into multiple software products.

Thus, particular embodiments of the subject matter have been described.Other embodiments are within the scope of the following claims. In somecases, the actions recited in the claims can be performed in a differentorder and still achieve desirable results. In addition, the processesdepicted in the accompanying figures do not necessarily require theparticular order shown, or sequential order, to achieve desirableresults. In certain implementations, multitasking and parallelprocessing may be advantageous.

What is claimed is:
 1. (canceled)
 2. A method for controlling a securitysystem, the method comprising: upon receiving an access request toaccess a component device coupled to the security system, determiningwhether an authorized user is within a region monitored by the securitysystem; and selectively causing a notification regarding the accessrequest to be sent to a designated user, based on a result of thedetermining.
 3. The method of claim 2, wherein, upon determining thatthe authorized user is within the region monitored by the securitysystem, the notification is sent to the designated user.
 4. The methodof claim 2, further comprising: upon determining that the authorizeduser is not within the region monitored by the security system, grantingthe access request to access the component device without causing thenotification to be sent.
 5. The method of claim 2, wherein thedetermining further comprises: receiving data from a user device of theauthorized user to determine a physical location of the authorized user;and comparing the physical location with a location of the securitysystem to determine whether the authorized user is within the regionmonitored by the security system.
 6. The method of claim 2, wherein thedetermining further comprises: receiving sensory data from the componentdevice to determine whether the authorized user is within the regionmonitored by the security system.
 7. The method of claim 6, wherein thesensory data is indicative of a presence of an identifier device issuedto the authorized user.
 8. The method of claim 2, further comprising:upon determining that the authorized user is within the region monitoredby the security system, automatically changing a configuration of thesecurity system.
 9. The method of claim 8, wherein automaticallychanging the configuration comprises arming and/or disarming a subset ofthe security system.
 10. The method of claim 2, wherein causing thenotification to be sent comprises: causing the component device to emita user perceivable alert.
 11. The method of claim 2, wherein causing thenotification to be sent comprises: instructing a remote server,communicatively coupled to the security system, to send a notifyingmessage to a user device of the designated user.
 12. The method of claim2, wherein the region is monitored by the component device.
 13. Themethod of claim 2, wherein the component device is configured to capturea visual representation of the region.
 14. The method of claim 2,wherein the notification includes an identification of a source thatgenerated the access request.
 15. The method of claim 2, wherein thedesignated user includes the authorized user.
 16. A method forcontrolling a security system, the method comprising: determiningwhether an authorized user is within a region monitored by the securitysystem; and upon determining that the authorized user is within theregion monitored by the security system, automatically changing aconfiguration of the security system by operations including arming ordisarming a subset of the security system.
 17. The method of claim 16,further comprising: accessing a configuration profile of the authorizeduser, wherein the configuration profile specifies which component devicein the security system is to be armed or disarmed.
 18. The method ofclaim 17, wherein the configuration profile defines the region monitoredby the security system.
 19. The method of claim 17, wherein theconfiguration profile is accessible through a remote servercommunicatively coupled to the security system.
 20. The method of claim16, further comprising: accessing a schedule of the authorized user, indetermining whether the authorized user is within the region monitoredby the security system
 21. A security system having a processor and amemory storing a plurality of instructions which, when executed by theprocessor, cause the system to perform a method comprising: uponreceiving an access request to access a component device coupled to thesecurity system, determining whether an authorized user is within aregion monitored by the security system; and selectively causing anotification regarding the access request to be sent to a designateduser, based on a result of the determining.